luci-app-upnp: protect lease delete call with csrf token
authorJo-Philipp Wich <jow@openwrt.org>
Tue, 20 Oct 2015 22:11:28 +0000 (00:11 +0200)
committerJo-Philipp Wich <jow@openwrt.org>
Tue, 20 Oct 2015 22:11:28 +0000 (00:11 +0200)
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
applications/luci-app-upnp/luasrc/controller/upnp.lua
applications/luci-app-upnp/luasrc/view/upnp_status.htm

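--- a/applications/luci-app-upnp/luasrc/controller/upnp.lua
+++ b/applications/luci-app-upnp/luasrc/controller/upnp.lua
@@ -15,7 +15,7 @@ function index()
        page.dependent = true
 
        entry({"admin", "services", "upnp", "status"}, call("act_status")).leaf = true
-       entry({"admin", "services", "upnp", "delete"}, call("act_delete")).leaf = true
+       entry({"admin", "services", "upnp", "delete"}, post("act_delete")).leaf = true
 end
 
 function act_status()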
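Review bot: The switch from `call` to `post` on the delete route carries the whole security intent of this commit, yet nothing on the line says so, and a later cleanup could turn it back into `call` without anyone noticing. A one-line comment above the entry would record it, e.g. `-- state-changing action: post() makes the dispatcher refuse non-POST requests and requests without a valid token`. The `status` route stays on `call`, which is fine only if `act_status` is read-only. Its body and `act_delete` lie outside the hunk, so neither that nor any validation of the index taken from the URL path can be confirmed here.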
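--- a/applications/luci-app-upnp/luasrc/view/upnp_status.htm
+++ b/applications/luci-app-upnp/luasrc/view/upnp_status.htm
@@ -1,6 +1,6 @@
 <script type="text/javascript">//<![CDATA[
        function upnp_delete_fwd(idx) {
-               XHR.get('<%=url('admin/services/upnp/delete')%>/' + idx, null,
+               (new XHR()).post('<%=url('admin/services/upnp/delete')%>/' + idx, { token: '<%=token%>' },
                        function(x)
                        {
                                var tb = document.getElementById('upnp_status_table');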
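Review bot: The callback opens by going straight to `document.getElementById('upnp_status_table')` with no check of the response. Now that the route is POST-only and token-checked, a page rendered before the session token changed will have its delete rejected. If the rest of the callback, which continues outside the hunk, does not test the status, a refused delete could be handled like a successful one. A guard at the top such as `if (!x || x.status !== 200) return;` would cover it, ideally with a visible hint to reload the page. The `idx` value is still carried in the URL path rather than the POST body, so `act_delete` (not shown) remains the place where it has to be validated.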